PCI Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI Data Security Standard applies to all organizations that hold or process cardholder information from American Express, Discover, JCB, MasterCard, and Visa branded credit and debit cards. The PCI standard was designed to ensure that companies apply rigorous procedures and systems to protect cardholder data from theft. All companies that accept these credit cards, regardless of their size, must adhere to the PCI DSS requirements, but larger merchants must also go through a third-party audit by a Qualified Assessor to verify that the 12 requirements that make up the PCI DSS are met.
One of the PCI Data Security Standard requirements (8.3) requires multi-factor authentication for remote access to networks and systems where credit card data is stored or processed. Multi-factor authentication requires that an additional factor be used to verify a user's identity. In most cases, a username and password are the first method. With multi-factor authentication, a second method of authentication is required.
For instance, when you call your bank in order to obtain your balance and you are asked for a PIN or personal information that only you should know, such as the name of your favorite movie or your mother's maiden name, multi-factor authentication is being put into play. Rather than relying on a single form of authentication, multi-factor authentication requires additional factors to prove the authenticity of the caller. Asking the caller to provide multiple pieces of information, like their account number and PIN or their account number and the answer to a secret question, is better than using just one piece of information to verify the identity of the user. However, multi-factor authentication is strongest when you combine two different types of factors, since an account number, a PIN and a secret answer are all things you know. An example is using a physical device like an ATM card in conjunction with a secret like a PIN. Other examples of multi-factor authentication involve using a security token or fob in conjunction with a username and password. These methods offer stronger security by requiring both something you know and something you have to authenticate.
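An added example, not from the original post, of the fob-plus-password case above: the login succeeds only when a knowledge factor (a password, checked against a PBKDF2 hash) and a possession factor (a one-time code from a fob) are both valid, and a helper flags that two knowledge factors such as account number and PIN are still one factor type. It assumes the fob is an HOTP token (RFC 4226, HMAC-SHA1 over a counter); the password and token seed are constructed demo values, the seed being the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

# Constructed demo secrets; never hard-code real ones.
PASSWORD_SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000)
TOKEN_SEED = b"12345678901234567890"  # RFC 4226 test secret, provisioned into the fob

# Which authentication factor type each credential belongs to.
FACTOR_TYPE = {"password": "know", "pin": "know", "account number": "know",
               "secret answer": "know", "fob code": "have", "atm card": "have"}


def is_true_multi_factor(presented):
    """True only if the presented credentials span at least two factor types."""
    return len({FACTOR_TYPE[c] for c in presented}) >= 2


def hotp(seed, counter, digits=6):
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def check_password(password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PASSWORD_SALT, 100_000)
    return hmac.compare_digest(candidate, PASSWORD_HASH)


def check_token(code, counter, window=3):
    """Accept a fob code within a small look-ahead window; return the next counter or None."""
    for c in range(counter, counter + window):
        if hmac.compare_digest(hotp(TOKEN_SEED, c), code):
            return c + 1  # advance past the used code so it cannot be replayed
    return None


def authenticate(password, code, counter):
    """Require BOTH factors. Both checks always run so a failure does not reveal which one failed."""
    pw_ok = check_password(password)
    next_counter = check_token(code, counter)
    if pw_ok and next_counter is not None:
        return True, next_counter
    return False, counter
```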
Many websites have accounts for users that require web authentication. This may require the input of additional personal information to authenticate who you are so you can obtain access to your online account. With password phishing attacks on the rise, requiring multi-factor authentication for websites can really help protect against identity theft and fraud.
For more resources regarding PCI DSS Compliance or even about Web authentication and especially about Multi-factor authentication please review these pages.